Apple Prototypes and Corporate Secrets Are for Sale Online–If You Know Where (opens in new tab)

(wired.com)

118 pointsmandatory1y ago50 comments

50 comments

>chaining together a dozen dilapidated second-generation iPhone SEs and harnessing Apple's Live Text optical character-recognition feature to find possible inventory tags

This is the second time I've read about an iPhone OCR rack https://findthatmeme.com/blog/2023/01/08/image-stacks-and-ip...

Is this still state of the art in terms of local OCR?

mandatoryOP1y ago

It's just because I did this talk and made FindThatMeme :) so not a popular method, just what I used to do large scale OCR.

krackers1y ago

Oh I completely missed that you're actually the same guy!

talldayo1y ago

I think Tesseract is the smarter/faster/less obnoxious choice if you're not trying to parse weird meme text like the blog is doing. There's almost certainly a better paid option available in our enlightened AI age, but I don't even think you'd need AI for this use-case.

oefrha1y ago

Last time I used tesseract (a year ago?) it’s still pretty useless if your text isn’t on a clean background. It doesn’t even come close to Apple’s proprietary on-device OCR.

1 more reply

kergonath1y ago

The Apple framework is much, much better than Tesseract, and quicker as well. It is really good. Of course if you don’t need on-device processing, then there are cloud services that are better.

mike_d1y ago

> I think Tesseract is the smarter/faster/less obnoxious choice [...] There's almost certainly a better paid option available in our enlightened AI age

It would have cost $375,000 to use cloud OCR for this project. Mandatory is absolutely a baller, but not crazy enough to spend that kind of money on the project.

If you can get Tesseract to generate comparable results with sub-optimal images from eBay listings, I'd love to know more.

egorfine1y ago

I have tried to use Tesseract to extract serial numbers from photos of iPhone boxes and had a 100% failure rate.

I have then employed a multimodal LLM and had a 100% success rate.

j451y ago

I have seen some models mix LLM with ocr to improve both.

Considering what apps like Notes can do low key on iOS… I wouldn’t be surprised if there would exist more capability.

Iirc, Apple was holding back improvements to Siri and other techs.

epakai1y ago

Some of these developer devices get 'destroyed' and sold as scrap. dosdude1 has restored some of these kinds of devices to working order. There's pretty neat video of the restorations:

ARM Apple Silicon Developer Transition Kit: https://www.youtube.com/watch?v=reQq8fx4D0Q iPod Touch dev board: https://www.youtube.com/watch?v=qLCt6oHPTQM

The PCB repair technique for the DTK is pretty cool on its own.

userbinator1y ago

That first video appeared on HN with some discussion: https://news.ycombinator.com/item?id=40422359

JKCalhoun1y ago

https://archive.is/4mxX1

miki1232111y ago

This is why solutions like Bitlocker with a good TPM or FileVault are so important.

They can essentially guarantee that the disk encryption key will only be released from the security module if the computer is running a fully-trusted and signed OS. Even if you take the drive out of the machine, the data on that drive is completely useless to you.

Incidentally, this is also what makes short PINs secure; the TPM contents are unreadable, even to a skilled attacker, so if the TPM is guaranteeed to wipe itself after 10 tries, even a 4-digit PIN is secure enough.

userbinator1y ago

the TPM contents are unreadable, even to a skilled attacker

Depends how "skilled". Nation-state level? Most definitely not. "IC break" services in China? Maybe. AFAIK TPMs are based on similar secure-processor designs as the chips in payment cards and other smartcards, and even those with enough determination and $$$, or the right equipment, will get you through.

Here's an old but quite thorough discussion of the techniques involved: https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.pdf

noident1y ago

I don't understand. Why aren't these devices using full disk encryption?

egorfine1y ago

Some people are incapable of locating and checking a checkbox. I know, it sounds incredibly weird for us, tech people, but that's a reality.

grishka1y ago

> After he evaluated the Time Capsule's contents, Bryant notified Apple about his findings, and the company's London security office eventually asked him to ship the Time Capsule back.

> Bryant again reported his findings to Apple and returned the Mac Mini to them.

Why the hell did he do that?! It's, like, the worst thing one can possibly do with these kinds of devices. Just publish stuff that doesn't have anyone's personal data in it. That'll make the world better in the end.

tomcam1y ago

Because he didn’t want the heavy hand of Apple’s legal department ruining his life

grishka1y ago

First of all, he could release it anonymously. Second, what law or contract would he be breaking anyway? An NDA with Apple that he never signed? Sure there is a person who breached an NDA in relation to the proprietary information contained in these devices, but that person is whomever was tasked with decommissioning them before resale.

2 more replies

userbinator1y ago

Instead, Apple's legal department will now ruin someone else's life --- one of its own employees, most likely.

notinmykernel1y ago

IMO, it's a personal philosophy. Similar to why hackers choose to report vulnerabilities to bug bounties vs. release findings on sites like Hack Forums.

We all know companies are predatory, and in many cases companies (looking right at you Google and Microsoft) continue to refuse to pay people for discovering, documenting and reporting high-severity vulnerabilities. That doesn't mean we as individuals forfeit our principles and become just as corrupt as the "faceless corporate entities."

grishka1y ago

For vulnerabilities I can at least understand that — most of them can be used nefariously, and you also get a shitton of money if you report it. Publishing some company's trade secrets, though, would only hurt their bottom line, which isn't necessarily even a bad thing for a company that has orders of magnitude more money than it knows what to do with.

egorfine1y ago

> That'll make the world better in the end

citation needed.

rbanffy1y ago

The ones I’m interested would be the ones donated to Berkeley. I hope one day they make it to a proper museum.

Or, at least, catalogued, scanned, and photographed.

JKCalhoun1y ago

Looks like the software was looking for labels like this: https://www.reddit.com/media?url=https%3A%2F%2Fpreview.redd....

mandatoryOP1y ago

Yep, that's an example of what the automated scanning looks for. You can see a very similar example in the slides: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20pre...

jamesy0ung1y ago

A lot of prototypes can be found on a Chinese website called xianyu

popcalc1y ago

What search terms to use?

The_SamminAter1y ago

Would you be willing to publish the iOS OCR server you made? It would be greatly useful in some of my products, as as you’ve noted other options have either low-quality results (tesseract, some cloud-based solutions) or are expensive in comparison for large amounts of images (most cloud-based solutions). That and it’d allow some of us to put our old phones to use.

_boffin_1y ago

Here's something i've used a few times. It's not using the phone, but rather a mac mini that's sitting in the corner. Quickly made this repo -- mind the mess.

https://github.com/mr-boffin/fruit-native-ocr

The_SamminAter1y ago

I’m afraid neither user or the repo exist on github - perhaps did you typo?

2 more replies

kotaKat1y ago

The amount of corporate crap I find on eBay from e-recycling is abundant and fantastic. And cheap!

I've seen everything from Amazon's palm-scanners to a tactical LTE base station once used by NIST to all sorts of Zebras full of fun software.

kome1y ago

very, very brilliant! but the fact he returned the data is mind-blowing to me... i would have published everything on a torrent and good luck.

fsflover1y ago

https://news.ycombinator.com/item?id=41220153

jfdjkfdhjds1y ago

the only things anyone ever wanted to know from apple is their aggressive business tactics... and most of that is already public thanks to the many processes they lost along the way. from labour salary fixing across industries to pushing obvious monopolies in the face of the publishing industry.

I think the only piece I'd pay to read is how they negotiated with spotify.

j / k navigate · click thread line to collapse

50 comments

krackers1y ago

>chaining together a dozen dilapidated second-generation iPhone SEs and harnessing Apple's Live Text optical character-recognition feature to find possible inventory tags

This is the second time I've read about an iPhone OCR rack https://findthatmeme.com/blog/2023/01/08/image-stacks-and-ip...

Is this still state of the art in terms of local OCR?

mandatoryOP1y ago

It's just because I did this talk and made FindThatMeme :) so not a popular method, just what I used to do large scale OCR.

krackers1y ago

Oh I completely missed that you're actually the same guy!

talldayo1y ago

oefrha1y ago

Last time I used tesseract (a year ago?) it’s still pretty useless if your text isn’t on a clean background. It doesn’t even come close to Apple’s proprietary on-device OCR.

1 more reply

kergonath1y ago

The Apple framework is much, much better than Tesseract, and quicker as well. It is really good. Of course if you don’t need on-device processing, then there are cloud services that are better.

mike_d1y ago

> I think Tesseract is the smarter/faster/less obnoxious choice [...] There's almost certainly a better paid option available in our enlightened AI age

It would have cost $375,000 to use cloud OCR for this project. Mandatory is absolutely a baller, but not crazy enough to spend that kind of money on the project.

If you can get Tesseract to generate comparable results with sub-optimal images from eBay listings, I'd love to know more.

egorfine1y ago

I have tried to use Tesseract to extract serial numbers from photos of iPhone boxes and had a 100% failure rate.

I have then employed a multimodal LLM and had a 100% success rate.

j451y ago

I have seen some models mix LLM with ocr to improve both.

Considering what apps like Notes can do low key on iOS… I wouldn’t be surprised if there would exist more capability.

Iirc, Apple was holding back improvements to Siri and other techs.

epakai1y ago

Some of these developer devices get 'destroyed' and sold as scrap. dosdude1 has restored some of these kinds of devices to working order. There's pretty neat video of the restorations:

ARM Apple Silicon Developer Transition Kit: https://www.youtube.com/watch?v=reQq8fx4D0Q iPod Touch dev board: https://www.youtube.com/watch?v=qLCt6oHPTQM

The PCB repair technique for the DTK is pretty cool on its own.

userbinator1y ago

That first video appeared on HN with some discussion: https://news.ycombinator.com/item?id=40422359

JKCalhoun1y ago

https://archive.is/4mxX1

miki1232111y ago

This is why solutions like Bitlocker with a good TPM or FileVault are so important.

userbinator1y ago

the TPM contents are unreadable, even to a skilled attacker

Here's an old but quite thorough discussion of the techniques involved: https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-630.pdf

noident1y ago

I don't understand. Why aren't these devices using full disk encryption?

egorfine1y ago

Some people are incapable of locating and checking a checkbox. I know, it sounds incredibly weird for us, tech people, but that's a reality.

grishka1y ago

> After he evaluated the Time Capsule's contents, Bryant notified Apple about his findings, and the company's London security office eventually asked him to ship the Time Capsule back.

> Bryant again reported his findings to Apple and returned the Mac Mini to them.

tomcam1y ago

Because he didn’t want the heavy hand of Apple’s legal department ruining his life

grishka1y ago

2 more replies

userbinator1y ago

Instead, Apple's legal department will now ruin someone else's life --- one of its own employees, most likely.

notinmykernel1y ago

IMO, it's a personal philosophy. Similar to why hackers choose to report vulnerabilities to bug bounties vs. release findings on sites like Hack Forums.

grishka1y ago

egorfine1y ago

> That'll make the world better in the end

citation needed.

rbanffy1y ago

The ones I’m interested would be the ones donated to Berkeley. I hope one day they make it to a proper museum.

Or, at least, catalogued, scanned, and photographed.

JKCalhoun1y ago

Looks like the software was looking for labels like this: https://www.reddit.com/media?url=https%3A%2F%2Fpreview.redd....

mandatoryOP1y ago

Yep, that's an example of what the automated scanning looks for. You can see a very similar example in the slides: https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20pre...

jamesy0ung1y ago

A lot of prototypes can be found on a Chinese website called xianyu

popcalc1y ago

What search terms to use?

The_SamminAter1y ago

_boffin_1y ago

Here's something i've used a few times. It's not using the phone, but rather a mac mini that's sitting in the corner. Quickly made this repo -- mind the mess.

https://github.com/mr-boffin/fruit-native-ocr

The_SamminAter1y ago

I’m afraid neither user or the repo exist on github - perhaps did you typo?

2 more replies

kotaKat1y ago

The amount of corporate crap I find on eBay from e-recycling is abundant and fantastic. And cheap!

I've seen everything from Amazon's palm-scanners to a tactical LTE base station once used by NIST to all sorts of Zebras full of fun software.

kome1y ago

very, very brilliant! but the fact he returned the data is mind-blowing to me... i would have published everything on a torrent and good luck.

fsflover1y ago

https://news.ycombinator.com/item?id=41220153

jfdjkfdhjds1y ago

I think the only piece I'd pay to read is how they negotiated with spotify.

j / k navigate · click thread line to collapse